What are the responsibilities and job description for the Sr Security Engineer position at NYC IT Inc?
MANDATORY SKILLS/EXPERIENCE:
Note: Candidates who do not have the mandatory skills will not be considered.
● 12 years of experience in application security, with a proven track record of conducting vulnerability assessments, penetration testing, and secure code reviews.
● Extensive experience in secure application development, including knowledge of security frameworks like OWASP Top 10, and the ability to guide development teams in implementing secure coding practices.
● Proficiency in Software Composition Analysis (SCA) tools (e.g., Veracode, AppSec) for identifying and managing vulnerabilities in open-source libraries and third-party components.
● Advanced knowledge of static and dynamic application security testing (SAST/DAST) tools (e.g., Veracode, AppSec, Burp Suite) and integrating these tools into CI/CD pipelines for automated security checks.
● Strong cloud security expertise, including securing applications and workloads on AWS, Azure, or GCP, and experience with Web Application Firewalls (WAF) and cloud-native security services.
DESIRABLE SKILLS/EXPERIENCE:
● Advanced cloud security experience: Experience securing cloud environments (AWS, Azure, GCP) with tools like Web Application Firewalls (WAF), and implementing IAM, encryption, and monitoring tools.
● Experience with scripting and automation, using Python, Bash, or PowerShell, to automate security tasks, integrate security testing tools, and improve the efficiency of security operations.
● Strong communication skills: Ability to effectively explain complex security concepts and risks to both technical teams and non-technical stakeholders, ensuring alignment on security measures.
● Leadership and mentoring skills: Experience leading security teams or initiatives, mentoring junior engineers, and fostering a culture of security awareness within the organization.
● Collaboration and cross-functional teamwork: Proven ability to work effectively with development, DevOps, and IT teams to integrate security into all aspects of the business, ensuring security goals align with business objectives.
● Highly flexible/willing to learn new technologies.
● Highly organized with excellent analytical, problem-solving and decision-making skills.
Additional Qualifications:
● Certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Cloud Security Professional (CCSP), or GIAC Web Application Penetration Tester (GWAPT) are highly preferred.
● Knowledge of compliance standards like NIST, PCI-DSS, and GDPR and how they apply to application security.
Salary: $75 - $85